Mobile Banking - Is it Ready for Prime Time?

Credit EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Mobile banking - just how real is the trend? And how secure are the solutions?

Increasingly so, according to industry analysts and practitioners who are at the leading edge of the movement to deliver banking services to customers' cell phones and PDA's.

In the U.S., there are an estimated 1.5 million banking customers who receive some kind of banking information via their cell phones, according to Nick Holland, information security analyst at Aite Group, the Boston-based consultancy. This estimate includes 500,000 users that Bank of America - the largest player in the market -- says is using its mobile banking service.

Customers of banks offering mobile banking via cell phones and smart phones can check their account balances, transfer funds between existing accounts, and -- with some services -- pay bills online.

While the exact number of banks and credit unions now offering mobile banking services to customers isn't pinned down yet, Holland estimates that after the mobile banking "breakdown" in the 2000-2001 timeframe, the number of banks and credit unions beginning to offer mobile banking to customers is rising rapidly. "Surprisingly, quite a number of credit unions have begun offering mobile banking to their members," Holland says.

As early adopters, credit unions typically embrace new technology and so do their customers, Holland says.

Most of the institutions offering mobile banking to customers have taken the approach to deliberately make it as safe as possible to encourage adoption by customers. "The majority of mobile banking services now offer the same functionality as an ATM, and it is more informational and less emphasis on transactions," Holland says.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Healthcare Enews General Healthcare Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

To gain further acceptance of consumers, most mobile banking offerings have more than one way to accept information. The three ways consumers can view their bank information are via cell phone are:

• Text messages;
• Browser-based capabilities;
• Downloadable software that connects them to their institution.

• Deployment of 50 credit union mobile banking offerings operated by mobile service provider M-Shift;
• Announcement in early January that Verizon is entering the mobile banking arena, paired with mobile banking service provider Firethorn;
• November announcement by AT&T of similar arrangements with Firethorn.

How Safe Is Mobile?
Consumers have embraced the new ability to check their accounts via their cell phone, and security limitations seem to be no barrier to acceptance, Holland says.

David Miner, Senior Director of Financial Services Industry Solutions at Symantec, a major information security vendor, sees the mobile market as a place of "converging dynamics" -- a perfect storm of customer demand and the increasing use of the cell phone for more than just voice. He suggests that institutions offering mobile banking to customers need to think out carefully their encryption strategies, and what steps will be taken for wiping information off of lost cell phones.

"We see mobile as an increasingly targeted end point that the bad guys will want to go after, with more attacks, spam and viruses," Miner says.

Holland describes one vector where mobile phones could be most vulnerable to attack. "Where phishing is primarily an attack over email, and it moves the victim to a fraudulent website, with mobile there is very little integrity in any of the channels," he says. "There are multiple channels users have to be aware of."

If, for example, an SMS message comes laden with a virus, it can then infect via Bluetooth all the other phones in the area equipped with Bluetooth.

From a fraudster's perspective, banking by cell phones "will be an absolute goldmine, once real transactions begin," Holland says. To prevent fraud, institutions will have to go "out of channel" to authenticate a transaction. For example, the institution would send an SMS message to the customer, and they would have to send a reply back in order to authenticate a transfer. Holland sees at this point the mobile market is not very robust, and still is struggling with a very low degree of standardization across the mobile environment in terms of technology.

Holland recommends that institutions consider the following before implementing mobile banking:

• Avoid any degree of complexity when implementing mobile banking;
• Don't be overly ambitious, offering too much to your customers at once;
• Gradually turn up the heat and push for acceptance once it gets going.